You can access the Cisco router CLI via any of three methods:

Console: The console connection requires a direct connection to the console port of the router using a rollover cable, normally from the serial interface of a computer. This method is considered the most secure for administration of the router because it requires a physical connection to the router. This method can prove impractical for enterprise networks.

Auxiliary: The auxiliary connection is normally a remote dialup connection completed by connecting a modem to the aux port of the router. The administrator just dials in to the attached modem to initiate the connection to the modem. This method is commonly used for administering large networks or as a backup method to Telnet.

Telnet: The Telnet connection occurs via the network interface. Telnet connections can be completed using Telnet or Secure Shell (SSH). Telnet is a clear-text protocol and should be restricted to internal (protected) network segments only. SSH is a protocol that uses encryption and can be used for remote management across public networks. This method is the most common for remote administration because it allows for administration of an entire enterprise from a central location. Additional steps are required to configure the router to accept SSH connections:

- Enable the SSH server: To enable the SSH server on the router, you must enter the global configuration mode and configure the domain name for the device. The domain name is important because it is used when generating the SSH key, which is used to authenticate the router when making the connection:

RouterA(config)#ip domain-name

Next, you should use the crypto key generate rsa command followed by the key length.

- Configure the SSH parameters on the router: The optional command ip ssh {[timeout seconds] | [authentication-retries integer]} enables you to configure the authentication parameters for the SSH connection to the router. It tells the router how long to wait for a response from the client and how many attempts to allow before terminating the connection.

If you want to restrict the router to only SSH connections, you must add the command transport input ssh from the line configuration mode.
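The following added example, which is not part of the original text, checks a saved running-config for the settings described in the steps above. The sample configuration is constructed, the function name audit_ssh is hypothetical, and the alternate spellings it accepts (ip domain name, ip ssh time-out) are how some IOS releases write these commands.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname RouterA
ip domain-name example.com
ip ssh time-out 60
ip ssh authentication-retries 3
!
line con 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def audit_ssh(config):
    """Return a list of findings for the SSH settings discussed above."""
    findings = []
    # Some IOS releases write "ip domain name" and "ip ssh time-out"; accept both.
    required = {
        "ip domain-name": r"^ip domain[- ]name \S+",
        "ip ssh timeout": r"^ip ssh time-?out \d+",
        "ip ssh authentication-retries": r"^ip ssh authentication-retries \d+",
    }
    for name, pattern in required.items():
        if not re.search(pattern, config, re.M):
            findings.append(f"{name} is not configured")
    # Collect the "transport input" setting of every vty line block.
    current, transports = None, {}
    for raw in config.splitlines():
        if raw.startswith("line vty "):
            current = raw.strip()
            transports[current] = None
        elif raw and not raw[0].isspace():
            current = None  # any other top-level command ends the block
        elif current and raw.split()[:2] == ["transport", "input"]:
            transports[current] = raw.split()[2:]
    for line, protos in transports.items():
        if protos is None:
            findings.append(f"{line}: no explicit transport input")
        elif protos != ["ssh"]:
            findings.append(f"{line}: transport input {' '.join(protos)} (not SSH-only)")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print(finding)
```

The RSA key pair itself does not appear in the running-config, so its presence has to be confirmed on the device rather than by this check.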

